Work with Vulnerabilities
Vulnerabilities are aspects of your app that can make it susceptible to attackers. Within each organization, app, and scan-level vulnerability you can view information about the vulnerability and replay the attack so that you can learn how to remediate it and improve the security of your application. You can leave comments on vulnerabilities to help you and others better understand and remediate the vulnerability.
To help you determine the priority of a vulnerability, the following information is available for each vulnerability:
To help you test vulnerability fixes, you can replay an attack.
Filtering helps you find vulnerabilities based on your criteria. In addition to creating and saving unique filters, we provided several quick filters, such as the New filter that shows the number of vulnerabilities found in the most recent scan. In the search results, you can sort by the last time a vulnerability was found using the Last Discovered date.
Use search filters to choose the attributes of the assets you want to find. The more filters you add, the more refined your results are. To see only the vulnerabilities that meet all of the filter criteria, combine filters using the AND operator. Use the OR operator to show all vulnerabilities that meet any of the filter criteria.
A filter compares certain properties of vulnerabilities to a value or regular expression using one of the following operators:
- = (equals)
- != (does not equal)
- does not contain
- starts with
- ends with
- Like (regular expression)
- is null
- is not null
A circle on the left side of the filters indicates whether the expression in the field is allowed. If the circle is red in color, the filter is incomplete or incorrect.
Create and save a filter
You can filter vulnerabilities within an organization on the All Vulnerabilities page, vulnerabilities in a specific app on the Vulnerabilities tab, and vulnerabilities in a scan on the Scans tab.
- Go to the Vulnerabilities page, tab, or Scans tab where the vulnerabilities you want to filter are.
- In the search query bar, enter the expression for the filter.
- Click Apply to view search results.
- Click Save to be able to reuse the filter.
Filter: Vulnerabilities Found During Mapping
To view any vulnerabilities found during the updated vulnerability mapping process, copy the following query into the query bar and update with your criteria.
vulnerability.discoveries.discovered BETWEEN 6/23/2020 AND 6/24/2020 AND vulnerability.status = “Unreviewed”
App permissions required
Users must have access to the app where the vulnerability was discovered to view the vulnerability details.
Each vulnerability provides general details about the following:
- Module Type - The name of the attack used, for example SQL Injection.
- Severity - The severity assigned to this type of vulnerability, which can either be the default module severity or the selected severity from a custom attack module.
- Depending on your level of access, you can also change the severity and status of the vulnerability in this area.
- Vulnerability status
- Detection - When the vulnerability was first and most recently discovered, as well as how many times it was detected.
- General information - A link to the app where the vulnerability was found, a unique hexadecimal ID for the instance, and an indicator of whether this instance of the vulnerability was exported to Jira.
- Root cause - The URL of the web resource where the vulnerability was found and the HTTP request parameter and method that was used for the attack
Copy Vulnerability Link
Use the Copy Vulnerability Link button to copy and share the link to the vulnerability information. You can share this link with anyone, however only users with valid login credentials for InsightAppSec will be able to see it.
You can view details about the vulnerability and recommendations on how to solve it in the Attack Information section. You will also find links to references from industry-standard councils such as NIST, OWASP, and DISA, which you can use to gather more information about the vulnerability.
InsightAppSec can attempt multiple variations of the same attack on a URL to ensure the security of your applications against a variety of attacks. For example, you may have protected your application against some special characters in web forms, but not others. The Attack Variances section contains multiple tabs for each variation of an attack attempted by InsightAppSec.
Attack variance includes information about the following:
- Traffic snapshot
- Original. The original, non-malicious value of the parameter, which is used to observe normal behavior of the app.
- Traffic snapshot
- System error message
- In-depth description
In addition to viewing attack variance information and snapshots, you can replay the attack.
You can replay the attack using the Rapid7 AppSec Plugin for Chrome browsers. Replaying the attack provides a view of how the attack was made so you can add that behavior to a scan.
You might replay an attack:
- To understand the attack traffic being sent to the app
- To monitor for that type of attack in real-time
- To test whether a fix has been effective
Use case: Test an attack fix
In one of your apps, a vulnerability showed the attack information. You want to understand the attack, fix the issue, and ensure it works before closing the vulnerability.
- In the active vulnerability, click Replay Attack.
- Review the attack to better understand the attack traffic being sent to the app.
- Implement a fix. For example, change how the app responds to the attack traffic.
- Go back to the active vulnerability and replay the attack.
- Repeat until the fix works against the attack.
Your fix successfully stopped the attack.
This table shows a list of all the scans where this vulnerability has been found in your environment.
When was the vulnerability last found?
If a vulnerability was last discovered in a scan over 6 months ago, the vulnerability may have been resolved. Test the vulnerability to determine if it’s still active.
The Change History shows the time a status update or severity change was made on a vulnerability, the event, and which user made the change.
Comments are a great way to add notes to yourself, communicate your comments to anyone else who is looking at the vulnerability, and learn about any previous discoveries about the vulnerability.
Admins can add, edit, and delete any comments. Users with read-write access to the app can add comments and edit and delete their own comments. Users with read-only access to the app can view comments.